imminent | 1e3c0558f0ad39a9783c459f03db340e2059a1d88dde6cde0217b3394e8356d8 | Triage

Sharing

General

Target

1e3c0558f0ad39a9783c459f03db340e2059a1d88dde6cde0217b3394e8356d8
Size

813KB
Sample

221128-xlds6sda4y
MD5

32aadc848be09a6bea62ca6875aa0bcb
SHA1

ec8c42c9fa8358d33b32bf07f25967cba18ee2f2
SHA256

1e3c0558f0ad39a9783c459f03db340e2059a1d88dde6cde0217b3394e8356d8
SHA512

a68e94c3df9f07b7686bc7254b2c6cc5b5ef4ac179240361ffcc05b3a393df1d480a579e3a826c7ad21711bb7998c91aff4f9cd928f583fde1e4ef5d2020067f
SSDEEP

12288:rWup0aV6QKvbAv+lY2Edfw9Dp/anz4GnBK0rKbLPDtlBT2N:vjVRmA3Pfwhp/Ccb5lBT2N

Score

10^/10

imminent persistence spyware trojan

Malware Config

Targets

- Target
  
  1e3c0558f0ad39a9783c459f03db340e2059a1d88dde6cde0217b3394e8356d8
- Size
  
  813KB
- MD5
  
  32aadc848be09a6bea62ca6875aa0bcb
- SHA1
  
  ec8c42c9fa8358d33b32bf07f25967cba18ee2f2
- SHA256
  
  1e3c0558f0ad39a9783c459f03db340e2059a1d88dde6cde0217b3394e8356d8
- SHA512
  
  a68e94c3df9f07b7686bc7254b2c6cc5b5ef4ac179240361ffcc05b3a393df1d480a579e3a826c7ad21711bb7998c91aff4f9cd928f583fde1e4ef5d2020067f
- SSDEEP
  
  12288:rWup0aV6QKvbAv+lY2Edfw9Dp/anz4GnBK0rKbLPDtlBT2N:vjVRmA3Pfwhp/Ccb5lBT2N
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan